Slashdot Mirror

← Back to Stories (view on slashdot.org)

For 18 Minutes, 15% of the Internet Routed Through China

Posted by CmdrTaco on from the i-bet-it's-nice-to-visit dept.

olsmeister writes "For 18 minutes this past April, 15% of the world's internet traffic was routed through servers in China. This includes traffic from both .gov and .mil US TLDs." The crazy thing is that this happened months ago, and nobody noticed. Hope you're encrypting your super-secret stuff.

5 of 247 comments (clear)

  1. There goes the neighborhood... by digitaldc · · Score: 4, Interesting

    It remains unclear whether the redirection was intentional, the report says, but it demonstrates that it is possible for malicious actors to seize control of the Internet and redirect traffic.
    On April 8, according to Web security specialists, a small Chinese Internet service provider published a set of instructions under the Border Gateway Protocol, that directed Web traffic from about 37,000 networks to route itself via computer servers in China.
    The list was republished by China Telecom and briefly propagated itself across the global Web, which works on a trust system, with each server updating its routing instructions based on data provided by others in the network.

    What the hell is a 'trust system' anyway? Is that part of the Border Gateway Protocol?
    Maybe someone needs to take a closer look at this 'trust system.'

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  2. So? 100% of US traffic goes through NSA "closets" by thesandbender · · Score: 4, Interesting

    Well, maybe not 100% but it's established that the bulk of US traffic is trunked off to closets in AT&T (and other) switch rooms. This is going to include any communications going to points outside the US and (more importantly) any traffic that happens to be routed through the US while going between two points outside the US.

  3. Re:This points to obvious fact by arivanov · · Score: 5, Interesting

    Or it is.

    It is just that the USA has forgotten the Internet basics. It has also forgotten major past incidents like that case from 10 years back when one small ISP in Florida directed most of the Internet traffic through itself and fell over.

    USA internet has very little redundancy. Most of the peering is private, in very few locations and the routes announced by ISPs to each other are not filtered based on declared ISP announcement policy. As the few remaining ISPs are so big the announcement lists have grown to a size where filtering them poses a technical difficulty. In addition to that because the ISPs are big they trust each others change control that routes for blocks which are "somebody's elses will not be announced". Bad Idea (TM). And that is why this was possible in the first place.

    Compared to that in Europe most of the peering is public and nearly all ISPs heavily filter the route announcements coming from other peers. A Chinese ISP which would announce blocks it does not own would simply be ignored. It is of course possible for the ISP in question to add the policy to its official export list, post it to RIPE, get it propagated to other ISPs and then announce the routes, but that will take time and will have a big chance to be noticed. It will also be clear that there is "no mistake" there so the ISP in question will really get kicked off the internet for this one.

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  4. Re:As designed by janeuner · · Score: 2, Interesting

    Yes. It worked as designed. That is the crazy thing.

  5. Keepalive -packet for friendships by Anonymous Coward · · Score: 1, Interesting

    There are two kinds of people you know but don't interact daily with: Those you don't really care about (Old classmate that you never really hung out with... He's just on your contact list because... Well... Why the hell not? It doesn't cost you anything and might be useful some day) and those that you still are interested in but just haven't had anything to say to at the moment or haven't interacted with lately but might want to reconnect with. Pokes are for the latter group: They signal "Heya. I'm here if you need me or if you'd like to grab a beer some day.. Just wanted to let you know but I don't really need response right now and just writing this all would feel stupid..." so in a way they're like keepalive packets for friendships: No data is being exchanged except for the fact that the connection still exists. The old fashioned way to do this was christmas cards but they have their flaws (mainly, latency).

    What facebook does is essentially this one: It makes it really easy to get back in touch. I have friends that I didn't really speak to for a year or two and at that point it was unlikely that I'd ever just spontaneously call him. But a few comments on each others' facebook statuses was easy, then a message, then the call, then the actual human interaction. It lowers the treshold. Pokes are one tool at that: Haven't talked to someone for a few years but suddenly get interested on how he is doing? Poke. No obligations, nothing, just one click. But if he pokes back, he's probably also interested in how you're doing and the treshold to start a conversation just went down by half.

    You can compare it to christmas cards, the children's "Do you like me? [ ] Yes, [ ] No" notes or whatever (there are numerous more example of offline pokes: Things simply to lower the treshold for the real interaction). You might think that it is a shame that those exists (that the treshold should stay higher)... I dunno. Whatever you (or I) think about it, we're quickly going towards the point where that treshold for social interaction doesn't exist (it has been an ongoing trend ever since phones made it a lot easier to call someone than to visit them).